Masking credit card information in recording

We take lots of payments over the phone, and we need to record the calls for QA. I need to somehow strip or mask credit card information on the recordings for PCI compliance. I have lots of threats about this, but almost no solutions (besides really expensive third party software).

Can any body help me with this?

The “Really expensive 3rd party software” is the way to go. That’s why it is expensive it provide real solutions for real problems.

Now if you come here to an OpenSource forum trying to find a free solution then here is my two cents:

Create a dialplan where before asking for the PII information you can stop or pause the mixmonitor(by asking the user to press a key to start the input), then start again the recording(by asking the confirmation of the user) again. Just check that it doesn’t two differents files and if so create a start UID var to share between both files and then a script to join it every X mins or when finish(?)

You must pause the recording. Stripping after the fact will not be acceptable under PCI DSS.

Maybe you could modify app_mixmonitor to pause the recording if it hears any DTMF. The agent would then unpause.

I think you can use MixMonitor Mute as a workaround to your issue.

I found this in the source code of mix monitor.

00155 Monitor
00156 StopMixMonitor
00157 PauseMonitor
00158 UnpauseMonitor

I have been working on an Asterisk project years ago (2008) and had the same question. A real Asterisk expert wrote me a patch that did the job. Today I found a reference in the source code of mix monitor that suggest that the feature has made it to the release version. There is also a mute/unmute reference in the source code. I have no idea if the features/functions/apps are documented but they seem to be there.

PauseMixMonitor does the job and has, I believe, been in the standard version since Asterisk 1.8.

1 Like